This article was produced in partnership with Tokio Marine HCC - Cyber and Professional Lines Group.
Desmond Devoy, of Insurance Business America, sat down with E.K Keller, underwriting manager for Tokio Marine HCC – Cyber & Professional Lines Group, to discuss the surge in cyber privacy lawsuits.
In this climate, cyber insurers give guidance to clients when it comes to the collection of personal information to websites visitors.
Of particular concern is online pixel tracking, which is resulting in an increase in lawsuits.
“We’ve seen a wave of class action lawsuits brought against healthcare providers and other businesses due to an alleged unauthorized collection of personal identifiable information (PII) and protected health information (PHI) with tracking pixels,” E.K. Keller, Underwriting Manager, Cyber & Tech E&O for Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas said.
But why is pixel tracking a problem?
“Federal law, state law, and HIPAA, require patient consent and business agreements to share PHI between companies,” he said. “Businesses may not even be aware that the data these trackers are collecting may require consent.”
Companies like Facebook, Amazon and Google all use pixels to track customers online.
“(Pixels are) an analytics tool that helps you measure how effective your ad companies are by monitoring the actions of people on your website. Simply put, it’s code that allows you to collect and track user actions and behaviours on a website,” he said. “They measure and improve the effectiveness of online advertising and user interactions with that website.” The pixels can be added either manually by a developer or through a partner integration.
Keller has noticed pixels in action online himself.
“Have you ever wondered why the same pair of shoes you looked up on Amazon are now appearing on Facebook, Instagram, YouTube, and even in your personal email?” he asked. “This is an example of some of the technology behind the curtain.”
These pixels are a necessary ingredient to our online existence.
“Our online world is all about advertising,” said Keller. “These advertisers track and learn user behaviour while they are moving between websites and utilize retarget ads to help increase conversion rates, making tracking pixels necessary.”
Embedded tracking pixels let it be known which websites you visit, especially which product pages, buttons you clicked, what form field words you use, geolocation information, and even devices used (iPad, laptop, tablet, etc.)
“The collected information gets sent back to companies like Facebook, Google, etc.,” said Keller, who then use that data to retarget a company’s advertisements.
All an average shoe company wants to do online is sell you a shoe, or, better yet, many shoes.
But why is pixel tracking a problem?
Recent lawsuits have accused companies of collecting HIPAA protected information through healthcare provider patient portals, which may have included appointment details, health conditions, treating physicians, test results, allergies, and other sensitive information, “all of which is claimed to have been potentially sent to Facebook,” he said.
Where the rubber is hitting the road for insurance companies are the settlements. According to Bloomberg Law, Mass General Brigham health system in Boston agreed to pay $18 million in 2022 to settle a class action lawsuit over the use of web analytics tools that collect data about visitors who use their website. Mass General has denied the suit’s allegations, according to Bloomberg, but it does use tracking tools from companies like Facebook and Google.
“In addition to the exposure organizations may face from class action lawsuits, there is breach notification and regulatory fines and penalties coverage that can also be triggered,” said Keller.
So how widespread are pixels? According to Keller’s research, pixels are embedded in 30% of the top 80,000 most popular websites. They are also embedded in 33 of the top 100 hospital websites in America.
“Our perspective is, it’s best to have your clients build their action plan to address this rising concern,” said Keller. “And we encourage them to do a few things.”
In particular, Keller advises:
In this process, where applicable, Keller urges that you “seek the necessary legal counsel to ensure compliance, because navigating this evolving cyber landscape is tricky. It’s important for clients to know how their cyber insurance provides protection. We encourage you to reach out to your cyber and tech underwriting team to learn more about solutions a cyber policy can offer for this exposure.”
Biography: E.K. Keller is based on out of Atlanta, GA. He is the Underwriting Manager for Tokio Marine HCC – Cyber & Professional Lines Group which is part of the Tokio Marine HCC group of companies based in Houston, Texas, managing its cyber and tech errors & omissions team for the Southeast. He provides underwriting and client support, offering a variety of insurance solutions that incorporate broad first- and third-party coverage for cyber, multimedia, and technology errors and omissions exposures. He has been in the industry since 2007 and has been with the company since 2021.